Installing the OpenXT Windows tools (drivers)
Installing the Windows driver certificate
Both manual builds (Windows build machine setup) and builds coming out of the OpenXT builder (http://openxt.ainfosec.com) use development certificates.
These certificates are not signed by Microsoft, and should be imported to the certificate store on the target VM. Ideally, some day the builder will use a proper production certificate.
For 32 bits systems this is optional but recommended. It is required on 64 bits ones.
If you built the Windows drivers yourself, you can find the certificate in the location where you ran makecert.bat (developer.cer in our examples).
If you're using the OpenXT builder, you can find the current Windows certificate there: http://openxt.ainfosec.com/certificates/windows/developer.cer
First, open a command prompt with right click and "Run as Administrator". Run the following:
bcdedit /set testsigning on
Then, to import the certificate, open a command prompt with right click and "Run as Administrator". Use the cd
command to go where the certificate is, run the following (and reboot):
certutil -addstore -f "Root" developer.cer
certutil -addstore -f "TrustedPublisher" developer.cer
You can now install the driver package, usually using the setup program under the "windows" directory in the "OpenXT Guest Tools" virtual CDROM drive.
Recommended additional configuration
Guest hibernation is not supported within OpenXT, which can result in recent versions of Windows 10 to fail to boot once every other boot. To turn default hibernation off at shutdown, open a command prompt as Administrator and run:
powercfg.exe /hibernate off
Windows startup repair utilities is can also trigger every boot without managing to perform its task, it is recommended to disable it. To change the default boot policy, open a command prompt as Administrator and run:
bcdedit /set {default} bootstatuspolicy ignoreallfailures
bcdedit /set {current} bootstatuspolicy ignoreallfailures